The Honorable Thomas B. Modly was sworn in as the 33rd Under Secretary of the Navy Dec. 4, 2017.
Mr. Modly graduated from the U.S. Naval Academy in 1983 with a Bachelor of Science, with distinction, in Political Science. Upon graduation he joined the United States Navy and proudly served as an UH-1N pilot until 1990, when he departed active duty for business school and the private sector. While serving in the Navy, Mr. Modly attended Georgetown University where he earned a Master of Arts in Government/International Relations in 1983. He also attended Harvard Business School from 1990 to 1992 where he earned a Master’s in Business Administration with Honors in Business, Government and Strategy.
Mr. Modly previously served as the Deputy Under Secretary of Defense for Financial Management from 2004 to 2007.
From increasing warfighting lethality to business reform, Mr. Modly is focused on expanding innovation and driving a culture of agility, accountability and learning for the workforce, he explained in a keynote address at the Sea Air Space Expo in April.
In addition to serving as the Under Secretary of the Navy, Mr. Modly serves as the Department of the Navy (DON) Chief Management Officer and Chief Information Officer.
Citing challenges to the nation’s security and prosperity, which include an array of threats, from great power competition to international terrorist organizations, Under Secretary Modly’s focus is on building more lethal platforms, a more lethal and flexible workforce, and ensuring maritime superiority.
“In lockstep with the tenets of the National Defense Strategy, the DON will invest in defensive capabilities to “ensure freedom of navigation, disaster relief and humanitarian assistance, and the application of lethal power if necessary,” Modly said.
He explained that the Secretariat is taking an enterprise view of improvements for end-to-end business processes and business systems investments to ensure financial auditability, better performance and affordability.
Q: In recent remarks you emphasized the importance of financial auditability and data visibility, without which, you said “we cannot properly plan and pay for operations … we risk ships not getting underway and airplanes not flying.” Once the department has the results of the audit, what will your office do with the data? What are the first steps and long-term objectives?
Under Secretary Modly: One of the first questions I was asked by the late Senator John McCain during my confirmation hearing last year was about the auditability of this Department, and I completely agreed with his line of questioning. If we cannot accurately and immediately account for everything the American taxpayer has purchased with their hard-earned dollars, then we have failed in our most essential mission. But financial auditability and data visibility goes far beyond purchases and receipts. Without clean data sets and agile business processes, we will without question remain inefficient in providing the warfighter what he or she needs in conflict, and fail them, too. That is the sense of urgency we must sense every day when we come to work – because our so called “back-office” functions are actually, when you think about it, front-line necessities.
Audit results are critical to the agility and accountability of our institution. When we take a test or an exam, we usually don’t want to miss a question. But in an audit, we absolutely want to find out what is missing, quickly, and share that information right away with the rest of the team so that the entire organization can learn. That is the most precious data we will glean from our audits – what business processes require improvement, and where the opportunities for greater effectiveness and efficiency lie. And those opportunities are always there. Audits are essential in order to help us find them.
One of the first things we’ll do with that data is create a strategic picture of our processes, and share it with our customers – the operators in the Fleet and Marine Operating Forces who depend on it. And the closer we work with those customers, the better off we all will be. Their constant feedback is critical in any success we may enjoy. So we’ll use agile methods to determine process owners at every step of our back-office service chains, and ensure end-to-end resources are available to make those processes work with maximum speed and efficiency. This process of continual improvement really never stops – our long-term objective is to constantly find savings (in time, in resources, in effort, which all equate to money), reinvest those dollars back into the recapitalization and readiness of our forces, and deliver greater value to the warfighter, each and every day.
In your blog post, for War on the Rocks “Audit! Calculated Risk and Agile Accountability in the Sea Services,” you discussed the principle of calculated risk regarding Adm. Chester Nimitz’s orders to Task Force 17 and Task Force 16 in the Pacific theater during World War II. How does the principle of calculated risk, which typically applies to warfare, relate to the roles and responsibilities of CMO and CIO?
Modly: Many business operating principles bridge my dual roles as CMO and CIO – and one of the most important of those is the principle of calculated risk. If we allow our Sailors and Marines to take more risk in the field than we are willing to take in adapting the processes and systems that support them, we have done both them and the Nation a disservice. Our Navy business processes must reflect a culture of agility and accountability that yields faster access to information, reduces bureaucracy and streamlines decision-making, all while accepting an acceptable amount of calculated risk in the process.
As CMO and CIO, I am able to shape the implementation of improvements discovered during audits, manage the risks associated with implementing these new strategies, and transform those portions of our business culture that are not serving the needs of our people, both uniformed and civilian. Fundamentally, taking calculated risk within the Department is a constant action item for our overall Enterprise Risk Management program, and will help us answer: (1) Should we do it? Is the action aligned with our culture, values, ethics business plan and risk appetite? (2) Can we do it? Are our Sailors and Marines, processes, organization and technology capabilities aligned correctly? And (3) Did we do it? Can we conduct an assessment of expected results, continuously learn and improve from past actions and operate in a robust system of checks and balances?
Q: One of your lines of effort is to implement business reforms that yield significant savings to free up capital to fund the DON’s large capital requirements. The audit may reveal that the department’s disparate business systems require modernization and integration which will be costly to implement. Where do you envision the savings will come from?
Under Secretary Modly: It’s important that we continually scan the horizon and contemplate the full range of potential solutions as we identify and implement business system modernization. Business systems modernizations are resource-intensive at first, but by consolidating and modernizing our business systems we can eliminate costly and redundant legacy systems, gaining efficiencies and real savings in the long run.
One of our key findings across the enterprise is that our many legacy systems, built in different eras and for well-meaning reasons, do not often talk to one another or use the same clean data. We’re working on that from an enterprise perspective right now. The point is that, well before we decide to invest in new systems, we need to understand the processes first, end-to-end. The integration and modernization challenges of these systems are usually symptoms of underlying problems with policies, standards, processes, organizational authorities, governance, and staffing. Our focus is on identifying and resolving these root-cause issues in advance of business systems modernization, not only to harvest savings that will fund subsequent IT modernization efforts, but also to enable these efforts to succeed through comprehensive well in advance of implementation.
Q: How is the Navy transforming the way it delivers data and capabilities to the fleet?
Under Secretary Modly: The Navy is testing a concept that might eventually transform the way data is moved to and from its afloat vessels, and most importantly, the way Sailors use that data to operate underway. This approach could let the Navy deploy new software capabilities in under 24 hours, and not the 18-month timeframe that we have today. Instead of “pushing” huge amounts of information (that may or may not be useful) over constrained pathways to commanders afloat, the commander will have the ability to “pull” information and store it in their on-board cloud. We think this will be a transformative change.
Q: Tech experts say that the DON must fully implement cloud computing to leverage the advantages of big data strategies, artificial intelligence and machine learning. Further expanding cloud computing is one of the Defense Department’s top priorities. What are the Navy Department’s plans in this area; will the DON follow the DoD’s lead?
Under Secretary Modly: I agree that cloud computing implementation will be critical to our future mission success. We’ve been an early-adopter and leader in cloud-enabled technologies since 2013. For example, the Navy and SPAWARSYSCOM established in 2014 the very first operational Cloud Access Point (CAP) in DoD. And it was the DON that in 2015 established and began hosting Navy and Marine Corps systems and applications via the very first commercial cloud contract approved for use by DoD.
The Navy’s data and cloud strategy is maturing and has already produced no less than three cloud-focused policies. The latest policy established a “cloud-first" strategy and a new governance model that integrates cybersecurity, standards, acquisition requirements, and mission owner roles and responsibilities into a uniform effort – one that will consume both commercial and DoD-provided cloud as securely and natively as possible.
The Marine Corps’ cloud strategy is closely aligned to the Navy’s, and will include cloud- and mobile-based applications as a cornerstone of delivering an “Objective Network” to our deployed and in-garrison Marines. Where Marine Corps warfighting mission areas are not supported by an existing general-purpose commercial cloud solution, the Marine Corps expects to employ hybrid (on-premise and off-premise) cloud solutions. Near-term plans for the Marine Corps cloud effort will include conducting pilots with cloud ready systems, and applications for both Software as a Service (SaaS) and mission focused Infrastructure as a Service (IaaS) solutions.
As for following DoD’s lead, all previously mentioned DON accomplishments in cloud were only made possible via coordination and information sharing with DoD, DISA, the other MILDEPs and Services, and with Industry. We envision that this relationship will become even more aligned as we look to leverage future big data strategies, artificial intelligence, and machine learning for the collective advantage of DoD and the DON.
Q: Following up on our previous question: Military cloud requires reliable network connectivity and highly secure networks. Ships at sea have limited network bandwidth. What is your plan for implementing cloud within the naval fleet?
Under Secretary Modly: There are many technologies that offer “on-premises” clouds. The main change for the future Naval computing stack with respect to today’s traditional processing nodes will be increased virtualization and modernization of our ashore and forward deployed systems.
The Navy’s Compile to Combat in 24 Hours (C2C24) framework will be one major element of our end-to-end transformation of our Navy's data enterprise architecture and software modernization practices. These practices have already been proven to assist with limited bandwidth on ships and in littoral environments. For example, the Navy successfully tested the concept in Spring 2018 aboard the USS ESSEX and USS STOCKDALE to validate this transformation in how data is used operationally. The C2C24 end-to-end architecture models replicates today’s industry best practices, and includes the use of cloud technologies.
The Marine Corps cloud strategy involves modernizing the current capability sets to provide virtualized and modernized servers. Marines will transition from legacy client-based services to modern mobility devices that better leverage cloud architecture in terms of applications and containerization. This is the tie-in for greater network security. Eventually, all deployed Marines will be able to operate disconnected from enterprise cloud services and yet retain the ability to synchronize data with the enterprise once connectivity permits.
Q: Capt. Damen Hofheinz, Director, Office of the CIO (OCIO), in a recent CIO column for CHIPS, explained that the OCIO retains many of the traditional responsibilities of a CIO, including the statutory requirements. How does the Secretariat’s realignment streamline responsibilities for the CMO and CIO?
Under Secretary Modly: Soon after his arrival, the Secretary of the Navy saw that there were too many layers of management between us and those critical enablers. We just could not be agile enough in our approach to change leadership with existing legacy, stove-piped approaches. We also needed experts, rather than generalists, to help lead each of the main areas of those functions – and really, change is occurring too rapidly to do otherwise.
Bureaucracies, as is often said, are designed not to change but rather to continue to do the same things over and over, and do them well. In some cases, we want to retain the qualities of consistent performance in our structure, such as paying our people on time; in others, like business process management and IT, those same qualities go against their very nature as change agents for the enterprise. So the Secretary and I decided to create an Office of the Chief Management Officer, with four leaders in critical subareas and small, agile teams to help them map current processes, work closer with our Fleet and Marine Operating Forces, and hypothesize and test how current business practices in the private sector might apply to the Department of the Navy.
Q: Many of your priorities overlap in your roles as Chief Management Officer and Chief Information Officer. For example, business reform requires focus on the DON’s enterprise infrastructure, enterprise IT architecture, policy, governance, and oversight; and data center policy, governance, oversight, and resource approval. These are CIO efforts. How do you bring the two roles, CMO and CIO, together to get the results you envision?
Under Secretary Modly: Actually, many common business operating principles apply to both Management and Information operations. The Secretary and I have further empowered the uniformed leaders of IT for both the Navy and Marine Corps, adding greater agility and dynamic capacity to continually adapt to that rapidly changing field. I receive comprehensive briefs on not only current but future plans by the OCIO team, and interact with those IT leaders weekly. Many times, the OCMO experts need to be in the room, too, because much of what we do there also depends on clean, verifiable data, analytics capacity, and end-to-end process design. Finally, both elements of OCIO and OCMO are about the customer in the end – the Sailors and Marines serving our nation. We should do everything within our power to ensure they never have to think about the support structures of management and information operations that help them perform their mission.
Q: The unauthorized disclosure of personally identifiable information (PII) is an ongoing problem throughout the federal government and the private sector impacting Sailors, Marines and civilians, what initiatives are you taking to reduce the problem within the DON?
Under Secretary Modly: You are absolutely right, the unauthorized disclosure of PII is a grave problem for all facets of our society, the private sector, state, local, and tribal governments, the federal government writ large, and right here within the DON and DoD. Protecting the privacy generally, and the PII specifically, of our Sailors, Marines and civilians is a top priority here in the Department. After all, if our force is constantly worried that their or their families’ identities will be stolen and used in such a way that they can be harmed, be it financially, medically, or even physically, then they will not be focused where we need them to be, which is carrying out our mission.
We have taken a number of aggressive steps to ensure the confidentiality, integrity, and availability of the PII that has been entrusted to us. Key to our efforts is continually educating our team on protecting our PII and the responsibilities we all have in this effort, regardless of where we are in the chain of command. Human error is by far the most frequent cause of a PII breach. The best way to correct this deficiency is by making our workforce more aware of their responsibilities in protecting PII, providing methods to identify potential problems, and showing them how to fix it themselves.
So yes, protecting the PII of DON personnel is a foremost priority. We are consistently reviewing how we use and protect the PII entrusted to our care.
Q: The DON provides oversight for transition to the Risk Management Framework (RMF), SECNAV-level cybersecurity policy, and enterprise risk management initiatives. Can you describe some of the ongoing activities?
Under Secretary Modly: Sure, we are using the new RMF process to assess and authorize new IT systems, as well as replace previous authorizations when they come up for renewal. The RMF process provides a more granular assessment of risk while emphasizing continuous monitoring, diagnostics, and risk mitigation. To support the RMF transition, the Navy is streamlining process workflows used by the fleet in the “Assessment and Authorization” tracking tool. The Navy’s process guide includes a bridge conversion process that maximizes use of existing security artifacts and testing to issue new RMF security authorizations.
Both services provided RMF training at this year’s DON IT Conferences in San Diego (February) and Norfolk (May). To improve guidance, our SECNAV Cybersecurity Manual, and the Incident Response Instruction, is being updated to address an enterprise risk management approach, our increased use of cloud environments, and to better align with DoD and National Institute of Standards and Technology (NIST) guidelines. These initiatives are enhancing the DON’s ability to assess enterprise risk and monitor the cyber posture of systems, networks, and devices approved for operation.
Q: Modern warfare is heavily reliant on the electromagnet spectrum. What is the DON doing to achieve dominance in this new battlespace?
Under Secretary Modly: Our air, land, maritime, space, and cyberspace operations require access to the electromagnetic spectrum for mission success. The OCIO spectrum team is leading and supporting efforts in both national and international arenas to ensure spectrum is available when and where needed by our Sailors and Marines to achieve and maintain dominance in this domain. Through forward-leaning policies, we are enhancing electromagnetic battle space management capabilities, and providing commanders with reliable, relevant, and networked tools to conduct comprehensive training and operational planning. We are also promoting organizational readiness through sound engineering, acquisition, and administrative practices.
At the national level, we are improving spectrum supportability processes and procedures to ensure spectrum dependent systems are protected and maintained in full operational capability status. This includes ensuring that Spectrum Relocation Funds are available when needed to maintain operational capabilities as DON systems transition from reallocated spectrum.
At the international level, we actively participate in treaty negotiations associated with the United Nations International Telecommunications Union to advocate for DON mission requirements and defend our access to spectrum around the world. We are especially vigilant of actions and decisions made in this arena, for they impact national-level priorities.
Q: Is there anything else you would like to discuss?
Under Secretary Modly: As one of his first priorities, the Secretary asked me to lead a “clean-sheet” study of all elements of naval education, with no preconceived notions and no option off the table, and to deliver recommendations to him by the end of this year. We called it “Education for Seapower,” or E4S, because technical and strategic understanding, along with critical thinking capacity, are more essential than ever before to create and sustain maritime dominance in this new age of inter-state competition. As the 2018 National Defense Strategy points out, a lethal, agile force depends on the creativity and talent of the American warfighter – our greatest enduring strength.
So we are very excited about the possibilities of this review – really, a study of this scope and scale has not been attempted in 100 years, since Captains Ernie King, Dudley Knox, and Bill Pye were ordered to form a board to reconsider an educational system that many felt was inadequate after World War One. You will remember the name Ernest King – he was a five-star Fleet Admiral at the end of World War Two, and a former President of the Naval Postgraduate School. The resulting “Knox-King-Pye” report was a seminal document that helped shape educational expectations and career paths for more than forty years. We are striving for a similar transformational change from this Study, which is occurring at yet another inflection point in history when new streams of technical innovation must be harnessed for long-term strategic advantage.
As we set up our E4S team, we were very fortunate to find world-class volunteers to serve on our E4S Executive Board, such as ADM Mike Mullen, GEN John Allen, AMB Barbara Barrett, and Dr. Harlan Ullman. This Board has met many times over the spring and summer, listening to the testimonies of military and civilian educational leaders, professional military education experts and practitioners, personnel chiefs, and many more. We’ve also conducted more than 50 separate interviews with leaders and experts from our sister service schools, civilian universities, learning leaders in the private sector, think-tanks, and retired Admirals and Generals from all four military services and the Coast Guard. In addition, we sent questionnaires to our educational institutions, manpower leaders, and others to gain their perspectives on the strengths and weaknesses of the current educational enterprise, and asked them for their thoughts on how it might be improved.
Overall, we’ve learned a great deal about our educational system, how it is valued by our warfighting communities, and how our institution might align it in different ways for a more orchestrated, coordinated effect. The Board is currently completing its recommendations, so I won’t go into them before they have the opportunity to brief the Secretary, but overall, their thoughts have generally centered on the themes of organization, governance, and policy, as well as elevating learning, both individually and at the organizational level, as a warfighting enabler. The Secretary asked the Board for bold recommendations, not incremental ones, and just like him, I’m excited to hear what the Board will deliver.
Q: What is the Department of the Navy’s (DON) Business Operations Plan?
Under Secretary Modly: The DON’s Business Operations Plan articulates exactly what the DON is doing in support of the strategic goals set forward by the National Defense Plan: (1) rebuild readiness and increase the lethality of our force, (2) strengthen our alliances and attract new partners, and (3) reform business practices for greater performance and affordability. The success of our plan hinges on prioritizing our people, capabilities, and processes to achieve these National Defense strategic goals, positioning the Navy to address the security and defense challenges of today and tomorrow.
Overall, the plan is designed to be a living management tool and presents a roadmap to achieving our strategic priorities. The readiness and lethality of our force depends on our people. We must continue to attract, educate, train, and retain the best and brightest – military and civilian. The strength of our people also directly impacts the effectiveness of our capabilities. These include the national projection of power and the continual achievement of maritime dominance. In tandem, we will work to strengthen our alliances while attracting new partners with a desire to promote global cooperation. Reforming our business processes bolsters our first two strategic lines of effort. Streamlined processes, reduced redundancies, and increased accountability practices will enhance our performance and affordability.
Q: Who is the audience for the Business Operations Plan?
Under Secretary Modly: Our audience for this Plan is the entire Department of Navy business ecosystem, which includes Sailors, Marines, civilian employees, and industry. Most importantly, the Plan will be available to the American public, our most important stakeholder, in order to provide transparency for how we are managing taxpayer dollars and working towards a stronger, ready, and more lethal Navy.
Q: How are you rolling out the Business Operations Plan?
Under Secretary Modly: The Department of the Navy Business Operations Plan is set to release in late October 2018. The Plan will undergo regular, iterative updates to reflect progress and new fidelity in our strategic planning. We are employing a phased approach to rollout the Plan, leveraging social media, internal and external Department of Navy publications, website updates, and various speaking engagements to educate, inform, and socialize the Navy Business Operations Plan upon its release and subsequent updates.
Editor’s Note: The Department of the Navy released the DON Business Operations Plan Oct. 24.